Ubuntu Security Notice 986-2 – USN-986-1 fixed a vulnerability in bzip2. This update provides the corresponding update for ClamAV. An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94061/USN-986-2.txt
Source: https://packetstormsecurity.com/files/94061/Ubuntu-Security-Notice-986-2.html